I-Qualys ithole indlela yokudlula i-malloc kanye nokuvikelwa kwamahhala okuphindwe kabili ukuze kuqaliswe ukudluliselwa kokulawula kukhodi kusetshenziswa ukuba sengozini ku-OpenSSH 9.1 okwanqunywa ukuba nengozi ephansi yokudala ukuxhashazwa okusebenzayo. Ngesikhathi esifanayo, ukuthi kungenzeka ukudala ukuxhashazwa kokusebenza kusengumbuzo omkhulu.
Ukuba sengozini kubangelwa ukufakazela ubuqiniso okuphindwe kabili mahhala. Ukuze udale izimo ukuze ubungozi bubonakale, kwanele ukushintsha isibhengezo seklayenti le-SSH siye ku-“SSH-2.0-FuTTYSH_9.1p1” (noma elinye iklayenti elidala le-SSH) ukuze kusethwe amafulegi okuthi “SSH_BUG_CURVE25519PAD” kanye “SSH_OLD_DHGEX”. Ngemva kokusetha lawa mafulegi, inkumbulo yebhafa ye-“options.kex_algorithms” ikhululwa kabili.
Abacwaningi abavela ku-Qualys, ngenkathi besebenzisa ubungozi, bakwazile ukuthola ukulawula kwerejista yephrosesa ethi “%rip”, equkethe isikhombi esiya kumyalelo olandelayo ozosetshenziswa. Indlela yokuxhaphaza ethuthukisiwe ikuvumela ukuthi udlulisele ukulawula kunoma iyiphi indawo esikhaleni sekheli lenqubo ye-sshd endaweni engabuyekeziwe ye-OpenBSD 7.2, ehlinzekwa ngokuzenzakalelayo nge-OpenSSH 9.1.
Kuyaphawulwa ukuthi i-prototype ehlongozwayo iwukuqaliswa kwesigaba sokuqala kuphela sokuhlasela - ukudala ukuxhashazwa okusebenzayo, kuyadingeka ukudlula izindlela zokuvikela ze-ASLR, NX kanye ne-ROP, nokubalekela ukuhlukaniswa kwe-sandbox, okungenakwenzeka. Ukuze uxazulule inkinga yokudlula i-ASLR, NX ne-ROP, kuyadingeka ukuthola ulwazi mayelana namakheli, olungazuzwa ngokuhlonza okunye ubungozi obuholela ekuvuzeni kolwazi. Isiphazamisi kunqubo yomzali oyilungelo noma i-kernel ingasiza ukuphuma ku-sandbox.
Source: opennet.ru